The vulnerability, CVE-2021-47013, is a use-after-free bug in the Linux kernel's `emac_mac_tx_buf_send` function. This function calls `emac_tx_fill_tpd`, which may free the `skb` (socket buffer) via `dev_kfree_skb(skb)` if an error occurs. However, the freed `skb` is still used later in the code via `skb->len` by `netdev_sent_queue`.
`emac_tx_fill_tpd` does not modify the value of `skb->len`, so the length itself is unchanged by the call. The use-after-free condition arises because that value is read through the `skb` pointer after the `skb` may already have been freed.
To fix this bug, the patch assigns `skb->len` to a local variable `len` before
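An added user-space C model of the pattern described above (not the kernel patch and not code from the original page): the `model_*` names, `run_fixed` and the packet lengths are assumptions made for illustration. It places the length read ahead of the call that may free the buffer, with the buggy ordering compiled out for comparison.

```c
/* User-space model; every model_* name is a hypothetical stand-in, not the
 * kernel's sk_buff API or the emac driver source. */
#include <stdio.h>
#include <stdlib.h>

struct model_skb { unsigned int len; };
static unsigned int queued_bytes; /* stands in for netdev_sent_queue() accounting */

/* Models emac_tx_fill_tpd(): never writes skb->len, but frees the skb on its
 * error path, as dev_kfree_skb(skb) does in the driver. */
static void model_fill_tpd(struct model_skb *skb, int fail)
{
    if (fail)
        free(skb);
}
static void model_sent_queue(unsigned int bytes) { queued_bytes += bytes; }

#ifdef MODEL_SHOW_BUGGY /* never defined: kept for comparison only */
static void model_send_buggy(struct model_skb *skb, int fail)
{
    model_fill_tpd(skb, fail);
    model_sent_queue(skb->len); /* reads freed memory when fail != 0 */
}
#endif

/* Fixed shape: snapshot the length while skb is still guaranteed valid. */
static void model_send_fixed(struct model_skb *skb, int fail)
{
    unsigned int len = skb->len; /* read before the possible free */

    model_fill_tpd(skb, fail);
    model_sent_queue(len); /* skb is not dereferenced after the call */
}

/* Sends one constructed packet down the fixed path; returns bytes accounted. */
unsigned int run_fixed(unsigned int pkt_len, int fail)
{
    struct model_skb *skb = malloc(sizeof(*skb));
    unsigned int before = queued_bytes;
    if (!skb)
        return 0;
    skb->len = pkt_len;
    model_send_fixed(skb, fail);
    if (!fail)
        free(skb); /* model only: release the skb that fill_tpd kept */
    return queued_bytes - before;
}

int main(void) { printf("%u %u\n", run_fixed(1500, 1), run_fixed(64, 0)); return 0; }
```

Building the buggy variant with `-DMODEL_SHOW_BUGGY -fsanitize=address` and calling it with `fail` set is a quick way to see the report a sanitizer produces for this class of bug.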